request_free(&request);
}
+static void print_tunneled_data(uint8_t *data, size_t data_len)
+{
+ size_t i;
+
+ if ((debug_flag > 2) && fr_log_fp) {
+ for (i = 0; i < data_len; i++) {
+ if ((i & 0x0f) == 0) fprintf(fr_log_fp, " PEAP tunnel data in %04x: ", i);
+
+ fprintf(fr_log_fp, "%02x ", data[i]);
+
+ if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
+ }
+ if ((data_len & 0x0f) != 0) fprintf(fr_log_fp, "\n");
+ }
+}
+
/*
* Process the pseudo-EAP contents of the tunneled data.
int rcode = RLM_MODULE_REJECT;
const uint8_t *data;
unsigned int data_len;
-#ifndef NDEBUG
- size_t i;
-#endif
REQUEST *request = handler->request;
EAP_DS *eap_ds = handler->eap_ds;
tls_session->clean_out.used = 0;
data = tls_session->clean_out.data;
-#ifndef NDEBUG
- if ((debug_flag > 2) && fr_log_fp) {
- for (i = 0; i < data_len; i++) {
- if ((i & 0x0f) == 0) fprintf(fr_log_fp, " PEAP tunnel data in %04x: ", i);
-
- fprintf(fr_log_fp, "%02x ", data[i]);
-
- if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
- }
- if ((data_len & 0x0f) != 0) fprintf(fr_log_fp, "\n");
- }
-#endif
-
if (!eapmessage_verify(request, data, data_len)) {
- RDEBUG2("Tunneled data is invalid.");
+ RDEBUG2("FAILED processing PEAP: Tunneled data is invalid.");
+ if (debug_flag > 2) print_tunneled_data(data, data_len);
return RLM_MODULE_REJECT;
}
}
+ /*
+ * Damned if I know why the clients continue sending EAP
+ * packets after we told them to f*ck off.
+ */
if (t->status == PEAP_STATUS_SENT_TLV_FAILURE) {
- RDEBUG2(" Had sent TLV failure. User was rejected earlier in this session.");
+ RDEBUG(" The users session was previously rejected: returning reject (again.)");
+ RDEBUG(" *** This means you need to read the PREVIOUS messages in the debug output");
+ RDEBUG(" *** to find out the reason why the user was rejected.");
+ RDEBUG(" *** Look for \"reject\" or \"fail\". Those earlier messages will tell you.");
+ RDEBUG(" *** what went wrong, and how to fix the problem.");
return RLM_MODULE_REJECT;
}